A further 108,000 people's personal details without card verification value have also been compromised, the airline said in a statement.

"While British Airways does not have conclusive evidence that the data was removed from its systems, it is taking a prudent approach in notifying potentially affected customers, advising them to contact their bank or card provider as a precaution," it said.

The company, which has promised to compensate any affected customers, said there had been no verified cases of fraud since its first announcement about the cyber attack in September.

BA at the time took out full-page adverts in the UK newspapers to apologise to customers and called the theft "a very sophisticated, malicious, criminal attack on our website".

The company could be expected to comment further on the attack when IAG publishes its third quarter results on Friday.

The attack came after previous IT woes, including a worldwide system outage last year that affected thousands of customers.